《普华永道:2023年全球数字信任洞察调研中国报告 (英文版)(29页).pdf》由会员分享,可在线阅读,更多相关《普华永道:2023年全球数字信任洞察调研中国报告 (英文版)(29页).pdf(29页珍藏版)》请在三个皮匠报告上搜索。
1、2023 Global Digital Trust Insights Survey China reportChinese companies gearing up for a cyber-ready futureContents02Introduction03 Section 1Cybersecurity maturity and threat from competitors07 Section 2Cybersecurity disclosure plays a critical role in organisations approach12 Section 3Cybersecurity
2、 resilience needs to be fortified18 Section 4Taking ownership of cybersecurity transformation0326Closingremarks based on the findings27Contact us12023 Global Digital Trust Insights Survey China reportThe business world as we know it saw a paradigm shift as the COVID-19 pandemic had people working fr
3、om home throughout lockdowns and quarantines.The pandemic was a catalyst for accelerated digital transformation,growing the digital economy.As we continue to see the global migration towards a more digital economy,China is reinforcing its strength in cybersecurity as the country maintained its posit
4、ion as the worlds second-largest digital economy for several years.By June 2022,China had 1.05bn Internet users,with a penetration rate of 74.4%.The country also boasts the worlds largest 5G network,and is a leader in 5G technology and standardsi.The country has taken steps to significantly shore up
5、 data security across major industries ranging from finance to telecommunications.The Ministry of Industry and Information Technology(MIIT)and Cyberspace Administration of China(CAC),among 16 governmental bodies,jointly issued an important guideline in January 2023,which set a target for China to gr
6、ow its data security industry by 30%each year,to over RMB150bn(USD22.4bn)by 2025ii.Organisations and governments are leveraging the development of the digital economy and new technologies to remain competitive and relevant in the post-pandemic New Normal.With widespread digitalisation,institutions n
7、eed to further develop their cybersecurity capabilities to reduce their cyber vulnerabilities while preventing or mitigating cyber risks.At the same time,organisations need to stay ahead of technological developments to avoid the hefty costs of inactions or non-compliance in the event of a crisis.As
8、 organisations navigate both new technologies and stricter regulations,there is a heightened focus on cybersecurity.Companies cant afford to be at the centre of a data breach scandal and lose their goodwill.The results of our 2023 Digital Trust Insights Survey lay out how organisations are addressin
9、g the need for more comprehensive cybersecurity to satisfy both customers and regulators.This China report represents the views of 133 executives based in Mainland China and Hong Kong SAR.For the purpose of this report,China refers to the Peoples Republic of China,including Hong Kong.Where there is
10、a statistically significant difference in the survey results between Hong Kong SAR and Mainland China,results are presented separately.Introduction22023 Global Digital Trust Insights Survey China reportFigure 1.Please indicate the actual and expected change in your organisations revenue.Over the nex
11、t 12 monthsAs China and countries across the globe further develop their digital economy,both digital and non-digital businesses alike are exposed to cyber threats.The accelerated spread of technology at an unprecedented rate means that cybersecurity has never been more important.With the rise in th
12、e number of tech companies,regulations often end up playing catch upiii.Businesses need to take the initiative to understand their risk exposure and develop their cybersecurity in line with industry developments rather than regulations.Considering the context of the survey period,a smaller proportio
13、n of global executives(25%)saw a decrease in their organisations revenue over the last six to nine months compared to Chinese executives(40%).The converse was also true a larger proportion of global executives(59%)saw an increase in their organisations revenue in the same time frame compared to Chin
14、ese executives(49%).Despite historical data,executives everywhere expect an increase in their organisations revenue over the next 12 months(China:77%;Global:72%).This is likely due to economies opening up following the pandemic,as well as technological developments and adoption that will drive reven
15、ue.Cybersecurity maturity and threat from competitors32023 Global Digital Trust Insights Survey China reportGlobalChinaMainland ChinaHong KongNET:Decrease13%14%10%27%NET:Increase72%77%80%67%Technological developments will transform all industries,and governments,especially the Chinese government,are
16、 cracking down on cybersecurity.Following its implementation in 2017,Chinas Cybersecurity Law has been strictly enforced.As China deliberates updates to the law,further tightening of the law with higher penalties for violations and more responsibility for critical information infrastructure operator
17、s can be anticipatediv.In order to reinforce its national strength in cybersecurity,China has also established a national strategy on cybersecurity,bringing a number of laws and regulations in this area into effect.Chinas Data Security law came into effect in September 2021,requiring localisationof
18、data collected on Chinese citizens by foreign and domestic entities.It was soon followed by the implementation of the Personal Information Protection Law(PIPL),the first of its kind,in November 2021,and Chinese organisations have had to ensure compliance with the new regulations.With increased expos
19、ure to technology and a stricter regulatory environment,we can see a higher proportion of Chinese executives plan for an increase in their organisations cyber budget for 2023 compared to executives globally(China:73%;Global:65%).A mere 11%of Chinese executives anticipate a decrease in their budget(G
20、lobal:17%).31%of Chinese companies will have their cyber budget increase by 6-10%,while only 23%of global organisations will see the same.9%of Chinese organisations will see an increase of 15%or more.42023 Global Digital Trust Insights Survey China reportGlobalChinaMainland ChinaHong KongNET:Decreas
21、e17%11%10%17%NET:Increase65%73%76%63%Decrease by 15%ormore2%1%0%3%Decrease by 11-14%3%1%1%0%Decrease by 6-10%5%5%5%7%Decrease by 5%or less6%5%4%7%Unchanged13%10%9%13%Increase by 5%or less23%21%17%33%Increase by 6-10%23%31%35%17%Increase by 11%-14%11%12%15%3%Increase by 15%or more8%9%9%10%Figure 2:Ho
22、w is your organisations cyber budget changing in 2023?Changes to organisations cyber budget in 2023In terms of the characteristics of their budget allocation for cybersecurity activities over the next 12 months,the vast majority of Chinese CEOs say their cyber budget is informed by the quantificatio
23、n of cyber risks,reflects on their cyber priorities,and is adequate to help create value for their organisation,to a greater extent than their global counterparts.52023 Global Digital Trust Insights Survey China reportChinese and international organisations alike were impacted by an increase in thei
24、r exposure to cyberattacks due to the acceleration of digitisation since 2020,whether it be from cloud migration,the move to e-commerce and digital service delivery methods,the convergence of IT and operational technology,or the use of digital currencies for other global organisations,among others.M
25、ainland China perceives an increase in external demand for disclosures of cyber incidents and practices,especially as the current law calls for disclosure and transparency in cyber incident response and breach management by domestic corporations.At the same time,Hong Kong and global executives saw m
26、ore challenges in the quality of internal reporting for their organisations cyber exposure.GlobalChinaMainland ChinaHong KongIncrease in the organisations exposure to cyber attacks due to increased digitisation(e.g.migration to cloud,move to ecommerce and digital service delivery methods,use of digi
27、tal currencies,convergence of IT and operational technology etc.)1st1st1st1stChallenges in the quality of internal reporting on the organisations cyber exposure2nd3rd3rd2ndIncrease in external demand for disclosures of cyber incidents and practices3rd2nd2nd3rdIncrease in cyber breaches into our syst
28、ems4th4th4th4thChanges in the geopolitical environment that have made our organisation a target5th5th5th5thHeightened regulatory investigations or enforcement action or litigation6th6th6th6th62023 Global Digital Trust Insights Survey China reportGlobalChinaMainland ChinaHong KongIs aligned with the
29、business strategy91%93%95%87%Reflects our cyber priorities92%96%96%97%Is adequate for cybersecurity to help create value for my organisation91%96%96%97%Is balanced between our current and long-term needs91%95%96%90%Is informed by quantification of cyber risks91%97%97%97%Considers the risk appetite o
30、f the organisation91%92%92%93%Is allocated well against the risks that our organisation faces92%95%94%100%Figure 3:Considering the following statements,to what extent do they accurately represent your organisations cyber budget over the next 12 months?Respondents who stated To a great/some extentFig
31、ure 4:Which of the following has your organisation experienced since 2020?Impacts experienced by organisations since 2020(Ranked index)As the digital economy grows further,governments across the world are constantly trying to keep up with new developments and implement regulations to protect the pub
32、lic.Regulations such as the US Cybersecurity Incident Reporting for Critical Infrastructures Act of 2022 requires companies to report significant cyber incidents while providing incentives for reporting.China also has its own Cybersecurity Law which includes mandatory reporting for breaches as well
33、as penalties for compliance failuresv.Following the COVID-19 outbreak,the world saw a drastic pivot towards the digital economy,partly as a result of people spending more time with their mobile devices and more companies migrating to hybrid work model.Between that and the tightening regulatory envir
34、onment,since 2020,Chinese organisations experienced numerous challenges.Among the top were challenges in the quality of their internal reporting on cyber exposure,and an increase in external demand for disclosures of cyber incidents and practices.On one hand,some likely adopted a prevention is bette
35、r than cure mindset as they attempt to establish a comprehensive set of policies to ensure extensive internal reporting that both stay ahead of regulations and prevent cyber incidents that would require disclosure,potentially tarnishing their reputation.On the other,some organisations likely struggl
36、ed to keep up with the latest regulations and ensure their processes are compliant.Organisations have reinforced their cybersecurity and maintained a cautious attitude since 2020.Among impacts that Chinese and global organisations have experienced,heightened regulatory investigations or enforcement
37、action or litigation was ranked last.When it comes to stakeholder prioritisation for Chinese organisations,while the CEO and the board take up the first two spots,government agencies responsible for cybersecurity responses and regulators for consumer protection are third and fourth.This aligns with
38、the heightened disclosure requirements Chinese organisations are facing since regulations like the Cybersecurity Law,Data Security Law and PIPL have come into effect.72023 Global Digital Trust Insights Survey China reportCybersecurity disclosure plays a critical role in organisationsapproachGlobalCh
39、inaMainland ChinaHong KongBoard1st2nd2nd1stCEO2nd1st1st2ndValue chain participants3rd8th8th8thRegulators for consumer protection4th4th4th3rdAgencies responsible for national or federal cybersecurity responses5th3rd3rd7thIndustry regulators6th6th5th5thConsumer and other private advocacy groups7th7th6
40、th10thRegulators of financial reporting8th5th6th4thAgencies responsible for local cybersecurity responses9th10th6th6thLaw enforcement agencies10th9th6th9thFigure 5:Thinking about reporting to each of the following stakeholders,please rank these stakeholders in order of priority for your organisation
41、 to address over the next 12 months.Organisation priority in terms of addressing stakeholders(Ranked index)Chinese organisations tend to have a stronger response to regulatory changes with a closer adherence to regulations.A larger proportion of Chinese executives agree,or strongly agree,that their
42、organisation has the ability to disclose cyber practices,strategy and incidents externally,when compared to their global counterparts.In particular,86%of Chinese organisations can provide the required information about a material or significant incident within the required reporting period after the
43、 incident and 88%can effectively assess the materiality of a cyber incident for the purposes of reporting.82023 Global Digital Trust Insights Survey China reportWhile looking at how organisations manage and disclose internal risks,with the growing popularity of managed services,its critical for orga
44、nisations to understand the scope of their risk exposure beyond the primary level.With the focus on risk increasing globally,we can see there is a clearer picture on risk transparency across organisations and along the value chain where third-party entities are involved.85%of Chinese executives say
45、that theirorganisation can provide information about third-party cyber risk management 10 percentage points more than that of global executives.This is critical as 41%of Chinese organisations expect third-party breaches to significantly increase in 2023 when compared to 2022.92023 Global Digital Tru
46、st Insights Survey China reportFigure 6:To what extent do you agree or disagree with the following statements regarding your organisations ability to disclose cyber practices,strategy and incidents externally?Organisations ability to disclose cyber practices,strategy and incidents externally Respond
47、ents who stated Strongly agree/AgreeGlobalChinaMainland ChinaHong KongMy organisation can provide the required information about a material or significant incident within the required reporting period after the incident.81%86%85%87%My organisation can effectively assess the materiality of a cyber in
48、cident for the purposes of reporting.80%88%88%87%My organisation can describe the relevant cyber expertise on our board for the purposes of reporting.78%82%82%83%My organisation has a policy stating which information can or cannot be disclosed regarding cyber incidents.76%84%87%73%My organisation ca
49、n provide information about third-party cyber risk management.75%85%85%83%Figure 7:For each of the pathways by which adversaries can gain access to your systems,please select those that you expect to significantly affect your organisation in 2023 compared to 2022.Pathways that adversaries will signi
50、ficantly affect organisations102023 Global Digital Trust Insights Survey China reportGlobalChinaMainland ChinaHong KongMobile devices41%32%33%27%Email40%27%25%33%Cloud-based pathways38%44%43%47%Web applications37%45%43%53%Humans or user(insider or social engineering)37%37%39%30%Third-party/nth party
51、34%41%38%53%Endpoints(desktops,laptops)33%42%44%37%Software supply chain or access32%37%35%43%Remote access portals32%34%33%37%Internet of Things29%34%36%27%Operational technology26%44%45%43%Figure 8:To what extent does your organisation implement the following policies and practices related to the
52、management and governance of customer data?Respondents who stated Always/Frequently implementGlobalChinaMainland ChinaHong KongWe only use customer data when we have express consent79%78%83%60%We vet all the third parties and partners with whom we share customer data78%82%83%77%New products and serv
53、ices go through a data security and privacy evaluation before launch79%83%83%80%We apply an ethical framework to guide our use of customer data for various use cases77%74%75%70%We have a specific timeframe to respond to customers requests related to the information we keep on them77%74%76%70%Where r
54、egulations do not exist,we self-regulate through policies,guiding principles,and values77%77%82%63%We follow an opt-in,privacy-first strategy in our marketing efforts77%80%83%73%We limit,anonymise,and redact data collected through IoT/sensors/smart devices70%73%75%67%We use the newest techniques(e.g
55、.differential privacy)to pseudonymise our customers data72%73%76%63%We check for dark patterns in the way we design our customer-facing applications68%76%82%57%In this increasingly digital economy,Chief Information Security Officers(CISOs)have been designated the responsibility of managing third-par
56、ty risks.As organisations manage sensitive customer data,its comforting to know that they have policies in place to manage and govern customer data.Among these practices,the majority of organisations vet third parties and partners with whom they share customer data;however,a larger proportion of Chi
57、nese organisations do so more frequently(China:82%;Global:78%).Considering the recent implementation of the PIPL,such behaviour is expected to continue as data privacy will be at the forefront for all CISOs.112023 Global Digital Trust Insights Survey China reportOver the years,cybersecurity has beco
58、me a dynamic field rapidly shifting to keep pace with innovative business practices.As an integral part of operations,businesses need to ensure they have enough cybersecurity resilience to manage unexpected problems.Without resilience,cyber incidents can derail most,if not all,plans for business suc
59、cess,leading to financial losses,reputational damage and loss of trust.Assessing and preparing for risks in 2023 tests executives ability to work together,and lay out a plan that mitigates large-scale crises and avoids business disruption.Among the range of threats anticipated and accounted for in r
60、esilience plans,global organisations ranked a catastrophic cyberattack as the top.Chinese executives,on the other hand,at the time of the survey,ranked this third,after a resurgence of COVID-19 or a new health crisis and a looming global recession.Although this might have changed following Mainland
61、Chinas economic re-opening in December 2022 and the elimination of the majority of the countrys restrictive COVID-19 control measures.Its no surprise that Chinese respondents are prioritising plans for a new health crisis as the COVID-19 pandemic drastically affected the countrys economic landscape
62、and shaped its path to digital transformation in the past three years.To navigate the short-term domestic challenges after Chinas COVID-19 policy adjustment and economic reopening,Chinese organisations not only need to account for anticipated events in their risk plans,but they also need to build re
63、silience through these plans,including their capacity to withstand unanticipated cyberattacks.122023 Global Digital Trust Insights Survey China reportCybersecurity resilience needs to be fortified132023 Global Digital Trust Insights Survey China reportFigure 9:Thinking about overall risks to your or
64、ganisation over the next 12-24 months,please rank the top five scenarios that you are formally incorporating into your organisational resilience plans.Top five scenarios formally incorporated into organisations resilience plans(Ranked index)GlobalChinaMainland ChinaHong KongA catastrophic cyber atta
65、ck1st3rd3rd2ndGlobal recession2nd2nd1st8thA resurgence of COVID-19 or a new health crisis3rd1st2nd1stInflationary environment4th5th5th4thSupply chain bottlenecks5th6th6th3rdA new geopolitical conflict6th8th11th5thCommodity market volatility7th4th4th9thCredit crunch/significantly reduced access to ca
66、pital8th12th9th13thSignificant churn in our workforce9th9th8th10thSocial instability10th7th7th12thA natural disaster or extreme weather event11th10th10th10thSanctions enforcement12th11th12th6thA food crisis13th13th13th6thGlobalChinaMainland ChinaHong KongImproved operational technology security79%86
67、%90%73%Improved our ability to defend against ransomware77%82%83%77%Helped the business design“security and privacy”into new products and services75%83%83%80%Increased the value and efficiency of cyber resources75%84%83%87%Improved collaboration with OT/engineering73%83%85%77%Responded effectively t
68、o a breach or attack while ensuring no significant disruption and/or harm to our operations72%83%89%63%Anticipated a new cyber risk related to digital initiatives that allowed us to manage it before it affected our partners or customers71%83%86%73%Improved supply chain risk management70%77%81%63%Orc
69、hestrated cross-functional effort to comply with new regulation70%84%87%73%Detected a significant cyber threat to our business and prevented it from affecting our operations70%81%83%77%Figure 10:Please indicate whether or not your organisations cybersecurity team has accomplished the following in th
70、e past 12 months.Cybersecurity team accomplishments in the past 12 months(Respondents who stated Yes)142023 Global Digital Trust Insights Survey China reportThe good news is businesses are already building cybersecurity resilience their continuous effort,as guided by Chinas cybersecurity regulations
71、,are paying off.Cybersecurity has progressed on many fronts in the past 12 months.In that time frame,in line with their global counterparts,Chinese executives agree,or strongly agree,that their cybersecurity teams have achieved numerous accomplishments that reinforce their cybersecurity resilience i
72、n areas such as improved operational technology security(86%),increased value and efficiency of cyber resources(84%),and orchestrated cross-functional effort to comply with new regulations(84%).Over 77%of Chinese organisations saw these accomplishments,higher than the global level.152023 Global Digi
73、tal Trust Insights Survey China reportIn an interconnected world with growing complexity,risks can arise from any area.As it is impossible to completely safeguard against cyber riskvi,taking an all hazards approach for identifying sources of disruption is necessary for every organisation.More than s
74、even in ten Chinese organisations surveyed(73%)have developed a broad understanding of the risks they face,while 65%have formally co-ordinated and integrated business continuity and recovery,a larger proportion than the global average of 62%and 52%,respectively.Nevertheless,organisations need more f
75、lexibility,beyond what is currently employed,to further enable cybersecurity resilience.In a fast-paced digital world,speed and adaptability are essential for enterprises to achieve their objectives.With tougher and increasingly unconventional cyber challenges ahead,businesses need to maintain a lev
76、el of agility to enable quick and appropriate responses.Only 44%of Chinese organisations are promoting an integrated and agile operating model that can respond to a diverse set of disruptive events.This means the majority are using individual,pre-defined plans and tactical processes designed for res
77、ponding to specific disruptions that may not account for large-scale unexpected disruptions in a holistic manner.Theres still room to further improve cybersecurity resilience.Chinese organisations need to accelerate the development of anticipatory plans that will enable businesses to tackle incident
78、s proactively rather than reactively,while considering risks beyond high-priority critical systems.Similar to their global counterparts,only about half of Chinese organisations(52%;Global:53%)take an anticipatory and preventative approach by assuming that incidents will occur and embedding resilienc
79、e capabilities,including threat intelligence,to anticipate and withstand an occurring disruption.Less than half of the Chinese organisations(47%;Global 44%)consider secondary and tertiary dependencies.Figure 11:More than six in ten organisations develop a broad understanding of the risks they face,b
80、ut theres more still to do to promote an integrated,agile operating model and to consider more than just high priority critical systems in cyber resilience.Current cyber resilience approach and capability38%27%22%43%62%73%78%57%53%56%52%67%47%44%48%33%Develops a broad understanding of risks that cor
81、porations now face,and how to continue operations amid simultaneous risks across the entire organisationFocuses on isolated risk scenarios and how to address recovery for that specific disruptionPromotes an integrated and agile operating model that can respond to a diverse set of disruptive eventsUs
82、es individual,pre-defined plans and processes designed for responding to specific disruptionsGlobalMainlandChinaHong KongChina47%48%47%53%53%52%53%47%56%53%51%57%44%47%49%43%Takes an anticipatory and preventative approach by assuming that incidents will occur,and embedding resilience capabilities to
83、 withstand an occurring disruptionReacts to a disruption by invoking plans after an incident,and focusing on recovery to return to business operations after a failure or incidentConsiders secondary and tertiary dependencies,not only high-priority critical systems and processes,that the organisation
84、relies uponConsiders high-priority critical systems and operations required for continued operations162023 Global Digital Trust Insights Survey China reportGlobalMainlandChinaHong KongChinaGlobalMainlandChinaHong KongChinaGlobalMainlandChinaHong KongChinaFigure 11:More than six in ten organisations
85、develop a broad understanding of the risks they face,but theres more still to do to promote an integrated,agile operating model and to consider more than just high priority critical systems in cyber resilience.Current cyber resilience approach and capabilityFormally coordinates and integrates busine
86、ss continuity/disaster recovery,crisis management,incident preparedness/response,and threat intelligenceAddresses recovery and business continuity in an independent manner with individual platform and service teams48%35%29%57%52%65%71%43%172023 Global Digital Trust Insights Survey China reportGlobal
87、MainlandChinaHong KongChinaCybersecurity transformation involves numerous moving parts and various stakeholders,among which,the CEO and the board are prioritised.As employees are answerable to the CEO and the CEO is answerable to the board,it is critical for cybersecurity teams to involve the board
88、and senior management in discussions about the companys cyber risk strategy.Chinas Cybersecurity Law reinforces the importance of corporate leaders maintaining accountability and responsibility for cybersecurity within their respective organisations.Corporate leaders identified as directly responsib
89、le for serious network security incidents can be held personally liable for such breaches and would need to settle fines imposed out of pocket.The survey indicates that senior executives are held accountable for various cybersecurity issues.Globally,while CEOs are involved in cyber matters,CISOs wie
90、ld the most influence over several areas of cybersecurity.In terms of responsibilities,while the trend in China mostly aligns with that across the world,Hong Kong is seeing a different story play out.In global and Mainland Chinese organisations,CISOs are primarily responsible for numerous cyber acti
91、vities,namely:reporting on cyber and privacy risks to the board and senior management(Hong Kong:CIO);coordination on cyber incident response(Hong Kong:CDO);deciding on purchases of security solutions and technologies(Hong Kong:CIO);communicating with external stakeholders on cyber matters(Hong Kong:
92、CEO);managing third-party risks(Hong Kong:CIO);evaluating the cyber risks associated with business decisions(Hong Kong:CIO);cyber due diligence of M&A targets(Hong Kong:CIO);cyber insurance coverage and policies(Hong Kong:CIO);and securing operational technology/industrial internet of things(Hong Ko
93、ng:CIO).Compared to their global and Mainland Chinese counterparts,Hong Kong CIOs head up more areas of cybersecurity.We also see that global and Mainland Chinese CISOs are more empowered to advocate,collaborate,and orchestrate a better cyber future.182023 Global Digital Trust Insights Survey China
94、reportTaking ownership of cybersecurity transformationFigure 12:Who is primarily responsible for each of the following areas of cybersecurity within your organisation?*Top three responses shownReporting on cyber and privacy risks to the board and senior managementGlobalChinaMainland ChinaHong KongCI
95、SOCISOCISOCIO21%30%34%27%CIOCIOCDOCEO16%14%13%17%CEOCEOCEOCISO13%12%11%17%CFOCDOCIOCDO/CPO7%11%11%7%Securing software development operations(DevOps secured by DevSecOpsCIOCISOCISOCIO19%29%29%30%CISOCIOCIOCISO17%19%16%27%CTOCTOCTOCTO11%13%14%10%CEOCEOCEOCFO/Head of Engineering/Operations10%8%9%7%1920
96、23 Global Digital Trust Insights Survey China reportFigure 12:Who is primarily responsible for each of the following areas of cybersecurity within your organisation?*Top three responses shownCoordination on cyber incident responseGlobalChinaMainland ChinaHong KongCISOCISOCISOCDO25%32%37%17%CIOCIOCIO
97、CIO17%17%17%17%CEOCEOCEOCISO11%12%12%17%CDOCDOCDOCEO8%9%7%13%Deciding on cyber budgetCFOCFOCFOCIO20%26%28%20%CEOCISOCISOCISO17%23%24%20%CIOCIOCEOCFO14%11%10%17%CISOCEOCIOCTO14%10%9%13%202023 Global Digital Trust Insights Survey China reportFigure 12:Who is primarily responsible for each of the follo
98、wing areas of cybersecurity within your organisation?*Top three responses shownManaging data governance and privacyGlobalChinaMainland ChinaHong KongCIOCIOCDOCIO16%21%20%30%CDOCISOCISOCISO15%18%19%13%CISOCDOCIOCEO15%17%18%10%CEOCPOCPOCPO12%11%12%10%Deciding on purchases of security solutions and tec
99、hnologiesCISOCISOCISOCIO20%27%30%27%CIOCIOCFOCTO17%15%16%20%CEOCFOCIOCISO13%14%12%17%CFOCTOCEOCFO/COO/CRO11%11%10%7%212023 Global Digital Trust Insights Survey China reportFigure 12:Who is primarily responsible for each of the following areas of cybersecurity within your organisation?*Top three resp
100、onses shownCommunicating with external stakeholders on cyber mattersGlobalChinaMainland ChinaHong KongCISOCISOCISOCEO19%20%21%27%CIOCIOCOOCIO17%16%16%23%CEOCEO/COOCIOCISO16%14%14%13%CDOCDOCFO8%11%10%Managing third-party risksCISOCISOCISOCIO18%20%24%30%CIOCIOCEOCRO15%17%14%17%CEOCEOCIOCDO12%13%14%10%
101、CROCDO/CROCDOCEO10%11%11%10%222023 Global Digital Trust Insights Survey China reportFigure 12:Who is primarily responsible for each of the following areas of cybersecurity within your organisation?*Top three responses shownEvaluating the cyber risks associated with business decisionsGlobalChinaMainl
102、and ChinaHong KongCISOCISOCISOCIO23%30%34%27%CIOCIOCEOCISO15%17%15%17%CEOCEOCIOCRO12%12%15%13%CROCDOCDOCDO/CIRO/GC8%10%11%7%Cyber due diligence of M&A targetsCISOCISOCISOCIO17%23%27%27%CIOCIOCIOCDO17%18%16%10%CEOCEOCEOCFO13%11%13%10%CFOCDO/CFOCDO/CFOCAE/No single responsible executive/CCO/CEO/CISO8%
103、8%7%7%232023 Global Digital Trust Insights Survey China reportFigure 12:Who is primarily responsible for each of the following areas of cybersecurity within your organisation?*Top three responses shownCyber insurance coverage and policiesGlobalChinaMainland ChinaHong KongCISOCISOCISOCIO17%28%32%23%C
104、IOCIOCIOCFO14%18%17%17%CFOCFOCFOCISO14%11%10%13%CEOCDO/CROCDOCRO13%7%7%13%Securing operational technology(OT)/industrial internet of things(IIoT)CISOCISOCISOCIO18%29%31%30%CIOCIOCOOCISO17%15%12%20%CEOCOOCIOCTO10%11%11%10%CTOCDO/CFOCDOCFO/COO/CRO/Head of Engineering/Operations9%8%9%7%242023 Global Di
105、gital Trust Insights Survey China reportBusiness leaders have an important role to play in ensuring their organisation adopts a heightened security positionvii.In an ever-changing world,senior executives need to take ownership of their cybersecurity transformation,enabling organisations to rapidly i
106、dentify and reduce cyber risk while confidently adopting new digital technologies that support their strategic goalsviii.In terms of what will make the most difference in transforming cybersecurity across the organisation in the next 12-18 months,Chinas top three initiatives vary from those indicate
107、d by their global counterparts.Globally,ensuring all non-cybersecurity employees understand the potential cyber implications of their actions is the priority.While in China,strengthening the organisations data analytics capabilities on cyber and privacy activities(Global:2nd)is believed to be the ke
108、y driver of transformation,followed by consolidating enterprise technology solutions for a simpler tech stack/infrastructure.Chinese respondents also acknowledge the importance of leadership that drives cybersecurity throughout the organisation.252023 Global Digital Trust Insights Survey China repor
109、tChinaGlobal1 Strengthening our data analytics capabilities on cyber and privacy activitiesEnsuring all non-cybersecurity employees understand the potential cyber implications of their actions2 Consolidating enterprise technology solutions for a simpler tech stack/infrastructureStrengthening our dat
110、a analytics capabilities on cyber and privacy activities3 Leadership that drives cybersecurity throughout the organisationLeadership that drives cybersecurity throughout the organisation262023 Global Digital Trust Insights Survey China reportLooking forward,Chinas cybersecurity market is poised for
111、further growth in tandem with its proliferating digital economy,driven by:the increasing adoption of cloud-based services;the growing demand for advanced security solutions;the heightened awareness of cyber security threats;and the need to localise,and ringfence,systems,technology infrastructure and
112、 data in Mainland China.Additionally,the governments initiatives to increase the use of digital technology and enhance the institutional opening-up of key sectors are expected to present more opportunities to businesses who are cyber-ready for the future.Given the current dynamic environment,Chinese
113、 organisations must develop an integrated and agile operating model that is capable of responding to a variety of disruptive events.Such models should be built with the flexibility for quick and effective responses,instead of relying on static plans and processes that may not account for unforeseen
114、disruptions.Moreover,it is essential for organisations to adopt an all hazards approach when identifying potential sources of disruption,including gathering threat intelligence information and formulating actions in response to identified threats,in order to remain resilient to cyber risk.In a fast-
115、paced digital world,businesses must strive to maintain a level of agility,and develop and test anticipatory plans that can help them handle incidents proactively.To successfully achieve these objectives,senior executives must integrate cybersecurity transformation initiatives into their business str
116、ategy and enable organisations to confidently adopt new digital technologies.Closing remarks based on the findingsihttp:/ usKenneth WongMainland China and Hong Kong Digital Trust&Risk Cybersecurity and Privacy Leader,PwC Hong Kong+852 2289 Lisa LiMainland China Digital Trust&Risk Cybersecurity and P
117、rivacy Leader,PwC China+86(10)6533 Editorial and writingShivia GanglaniTerrance LuiJulie Wu272023 Global Digital Trust Insights Survey China report 2023 PwC.All rights reserved.PwC refers to the PwC network and/or one or more of its member firms,each of which is a separate legal entity.Please see for further details.